CAPI2 (Certificate API) logs can be an invaluable resource when diagnosing issues related to TLS/SSL certificates and encryption. This Knowledge Base article will provide an overview of scenarios where CAPI2 logs might be useful, focusing on the UiPath Orchestrator, and will also include general steps for gathering CAPI2 logs for any certificate-related issues on Windows systems.
Can Be Helpful When CAPI2 Logs
CAPI2 logs can provide useful information in the following scenarios:
- Certificate validation errors in web browsers or applications
- Troubleshooting connections from UiPath Orchestrator to external services, such as databases
- Debugging communication issues between UiPath Robots and UiPath Orchestrator
- Diagnosing root causes for encryption errors in applications that use certificates for encryption.
How To Gather CAPI2 Logs?
Follow the steps below to enable and gather CAPI2 logs:
- Open Event Viewer:
- Press the Windows key + R to bring up the Run dialog.
- Type "eventvwr.msc" (without quotes) and press Enter.
This will open the Windows Event Viewer.
- Enabling CAPI2 logs:
- In the left tree view, expand the 'Applications and Services Logs' folder
- Expand the 'Microsoft' folder
- Expand the 'Windows' folder
- Scroll down and locate the 'CAPI2' folder. Click on it
- In the Actions pane on the right side, click on 'Enable Log.'
Now, CAPI2 logs are enabled, and Windows will start logging events related to CAPI2.
- Gathering CAPI2 logs:
- After enabling the log, reproduce the issue experienced
- Go back to the Event Viewer and click on the 'CAPI2' folder in the left tree view
- You will see a list of events in the middle pane
- If you need to analyze the log, look for events with a yellow warning symbol or a red error symbol. Double-click on any of these events to view additional details.
- Saving CAPI2 logs:
In some cases, it is required to save the logs, to share them or for further analysis. Follow these steps:
- In the Event Viewer, with the CAPI2 folder selected, click on 'Save All Events As...' in the Actions pane on the right.
- Browse to the location where you want to save the log file, and provide a filename. Make sure the format is set to "Event Files (*.evtx)."
- Click on the 'Save' button to save the logs.
Analyzing CAPI2 Logs
Now it is known to gather CAPI2 logs, it is helpful to understand what to look for in these logs. Here are some key elements to pay attention to:
- Event ID: CAPI2 events have specific event IDs that indicate the type of issue or operation. Some common event IDs to check for include:
- 53: Certificate Revocation Check Failure
- 41: Certificate Chain Building Error
- 51: Root Certification Authority (CA) Certificate Not Trusted
- 80: TLS/SSL Handshake Failure (caused by a certificate error)
- Description: The description of the event provides a textual explanation of the issue, which could include details about certificate validation errors, certificate chain issues, or application-specific problems.
- Event data: The event data section contains XML data, in which specific details about the issue can be found, such as:
- The certificate details like Subject, Issuer, Serial Number, etc.
- The URL where the certificate revocation check failed.
- The certification path that could not be built.
- The error code and status associated with the event
- Error Codes: Error codes provide more technical details about the issue, which can be useful for support teams and system administrators to diagnose and resolve the problem. Some common error codes include:
- 0x800B010A (CERT_E_CHAINING): A certificate chain could not be built to a trusted root authority.
- 0x800B0109 (CERT_E_UNTRUSTEDROOT): The root certificate is not trusted.
- 0x800B0101 (CERT_E_EXPIRED): The certificate has expired.
- 0x800B0110 (CERT_E_WRONG_USAGE): The certificate could not be used for the requested operation.
Conclusion
CAPI2 logs can provide essential information when troubleshooting certificate-related issues in UiPath Orchestrator and other applications. Keep this Knowledge Base article handy for future reference when dealing with such issues. Remember to provide these logs to UiPath Support, system administrators, or security teams when needed to expedite the troubleshooting and resolution process.
By following this guide, it should be possible to gather CAPI2 logs but also analyze them to identify the root cause of certificate-related issues in UiPath Orchestrator and other applications.